US6473853B1 - Method and apparatus for initializing a computer system that includes disabling the masking of a maskable address line - Google Patents

Method and apparatus for initializing a computer system that includes disabling the masking of a maskable address line

Publication number
US6473853B1
Authority
US
United States
Prior art keywords
processor
address
mask control
initialization
inhibit bit
Legal status
Expired - Fee Related
Application number
US09/337,369
Inventor
Christopher J. Spiegel
William A. Stevens, Jr.
Current Assignee
Intel Corp
Original Assignee
Intel Corp

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/4401 Bootstrapping
    • G06F 9/4403 Processor initialisation

Definitions

  • This invention relates to the field of computer systems.
  • this invention is drawn to methods and apparatus for initializing a computer system having maskable address lines.
  • a computer system typically includes a processor such as a microprocessor that responds to an initialization event by initializing itself to a pre-determined state.
  • the pre-determined state may vary depending upon the type of initialization event.
  • the processor then typically begins executing initialization code located at a pre-determined location or address in memory. The process of initializing a computer system is often referred to as “booting” the computer system.
  • Some computer system architectures incorporate an address line masking function.
  • the address line masking function is used to ensure execution compatibility for program code designed for earlier generations of microprocessors having a smaller address space.
  • Various embodiments achieve the address line masking function using address line masking circuitry internal or external to the microprocessor integrated circuit package.
  • Although the address line masking function is provided to ensure compatibility with program code designed to execute on earlier generation microprocessors, improper application of the address line masking function can result in the microprocessor attempting to boot from an alternate location identified by the masked address lines. Depending upon the contents of the alternate location, the computer system may be rendered inoperable, at least until a subsequent reboot from the correct memory address. Alternatively, enabling the computer system to boot from the alternate address can result in unauthorized initialization code being executed, thus posing a security risk such as enabling an unauthorized application to gain control of the boot process.
  • one method includes the step of disabling masking of the maskable address line in response to a processor initialization event.
  • the initialization event includes application of power to the processor, a processor RESET, or a processor INIT.
  • In one embodiment, an apparatus includes a processor coupled to a memory by at least one maskable address line wherein the memory is storing a first initialization instruction.
  • the apparatus includes a mask control wherein the mask control disables masking of the maskable address line before the processor attempts to access the first initialization instruction in response to an initialization event.
  • a processor chipset gates a first address mask control with an inhibit bit to provide a second address mask control.
  • the second address mask control is independent of the first address mask control when the inhibit bit is set to a first value.
  • the processor chipset sets the inhibit bit to the first value in response to a processor initialization event.
  • FIG. 1 illustrates a generic computer system architecture
  • FIG. 2 illustrates the location of the first instruction of initialization code for processors having different addressable memory space.
  • FIG. 3 illustrates one embodiment of address line masking logic for performing address line masking external to the microprocessor.
  • FIG. 4 illustrates a microprocessor having a mask control pin for enabling and disabling address line masking.
  • FIG. 5 illustrates a method of booting a computer system having maskable address lines.
  • FIG. 6 illustrates one embodiment of a computer system including a microprocessor and accompanying chipset.
  • FIG. 7 illustrates another embodiment of a computer system including a microprocessor and an accompanying chipset.
  • FIG. 8 illustrates one embodiment of the application of the method of FIG. 5.
  • FIG. 1 illustrates a basic microprocessor-based computer system architecture.
  • the computer system 100 includes processor 110.
  • Input devices such as mouse 120 and keyboard 130 permit the user to input data to computer system 100.
  • Information generated by the processor is provided to an output device such as display 140.
  • Computer system 100 generally includes random access memory (RAM) 160.
  • Nonvolatile mass data storage device 170 is used to retain programs and data even when the computer system is powered down.
  • nonvolatile mass storage device 170 is an electro-mechanical hard drive.
  • nonvolatile mass storage device 170 is a semiconductor nonvolatile memory.
  • Nonvolatile memory 180 stores initialization routines for the computer system.
  • Mouse 120, keyboard 130, RAM 160, nonvolatile memory 180, and nonvolatile mass storage device 170 are communicatively coupled to processor 110 through one or more address and data busses such as bus 150.
  • Initialization of the computer system is performed upon power-up of the computer system or in response to hardware or software reset operations.
  • the processor is designed to read a pre-determined memory location when the processor is reset or powered up. This pre-determined location is identified by a boot vector.
  • the pre-determined memory location is typically an address in nonvolatile memory such as nonvolatile memory 180 .
  • the initialization routines are stored in a nonvolatile memory to ensure availability when the computer system is powered-up or reset.
  • Nonvolatile memory 180 is the boot device in computer system 100 .
  • nonvolatile memory 180 stores a bootstrap loader and other initialization routines such as power on self test (POST).
  • Nonvolatile memory 180 may include routines to enable communication between the processor and input/output devices of the computer system. In some computer systems these routines are collectively referred to as the Basic Input Output System (BIOS). The BIOS typically identifies components of the computer system, maps resources, determines the state of the computer system upon initialization, and provides support for an operating system so that software executing on the processor can communicate with input/output devices such as the keyboard, mouse, nonvolatile mass memory storage device, and other peripheral devices. In various embodiments, nonvolatile memory 180 is a semiconductor nonvolatile memory such as flash electrically rewritable nonvolatile memory.
  • processors belonging to the Intel x86 family of microprocessors or to other microprocessor families designed to be compatible with Intel x86 microprocessors are frequently used in computer system designs.
  • Intel microprocessors such as the x86 family of microprocessors have enjoyed a long history and widespread use.
  • Each generation of the x86 family has offered the capability of supporting software originally designed for earlier generations of the microprocessor. As the microprocessors become more sophisticated over time, so too does the complexity of ensuring program code compatibility with previous generations of the microprocessors in addition to providing new features.
  • one of the early Intel microprocessors, the Intel 8086, utilized a segmented memory architecture. Physical memory locations are identified using a 16 bit segment register and a 16 bit offset. A physical memory address is identified by shifting the contents of the segment register left four bits and adding the offset. This addressing mode is referred to as “real mode.”
  • the 8086 only has 20 address lines (A0-A19). As a result, the microprocessor's physical address space is limited to approximately one megabyte. Depending upon the segment and offset values chosen, however, computation of the address could result in a situation such that 21 bits would be required for the address. Due to the physical limitations of the 8086, any address bits beyond the 20th address line would have no effect. Thus for some segment and offset values, the physical address space of the 8086 effectively “wraps around” the bottom of memory even if the address internally could be uniquely expressed.
  • Some applications designed for the 8086 either deliberately used this feature or detected its occurrence and handled it in an application-specific manner. These and other applications designed for a microprocessor having the 20 bit physical address are referred to as legacy applications.
  • FIG. 2 illustrates the difference in physical address space between generations of the x86 family of microprocessors. As microprocessors became more sophisticated, the microprocessor's physical address bus tended to increase in size in order to support the larger address space.
  • the Intel 80286 microprocessor for example, includes 24 address lines.
  • the Intel 80386DX microprocessor for example, includes 32 address lines.
  • In protected mode addressing, the segment registers are referred to as “selectors” and they serve as pointers to data structures that define segmentation limits and addresses. “Protected mode” enables applications to access more than one megabyte of memory.
  • a mask control signal effectively masks the 21st address line (A20) to force it to a pre-determined value (logical “0”).
  • the mask control signal ensured that a pre-determined value (i.e., “0”) was always asserted for address line A20.
  • the address line masking function has been implemented in a number of ways.
  • Computer systems designed around the Intel 80286 microprocessor or Intel 80386 microprocessor for example, used masking circuitry external to the microprocessor.
  • Logic external to the microprocessor effectively masked at least one address line used to access the memory in response to a mask control signal.
  • the Intel 80486 microprocessor and the Intel Pentium® processor have address line masking circuitry internal to the microprocessor's integrated circuit package.
  • the address line masking circuitry is responsive to a mask control signal applied to a pin of the microprocessor's integrated circuit package. In computer systems designed around these microprocessors, the mask control signal itself is typically provided by the keyboard controller.
  • FIG. 3 illustrates one embodiment of mask control logic external to the microprocessor 310.
  • the A20 address line of microprocessor 310 is logically combined with a mask control signal 342 provided by the keyboard controller 340 using logic 344 external to the microprocessor (e.g., an AND gate). This may be the case, for example, with the Intel 80286 processor and the Intel 80386 processor.
  • FIG. 4 illustrates an alternative embodiment where the masking logic is incorporated into the microprocessor 410.
  • masking logic incorporated into the microprocessor 410 is controlled by mask control signal (A20M#) received by a pin 416 of the microprocessor's integrated circuit package.
  • the Intel Pentium® processor for example, provides an A 20 M# pin for controlling the masking logic incorporated into the integrated circuit package.
  • the mask control signal may also be active high.
  • the address mask control signal is typically provided by the keyboard controller 440 .
  • the state of the address mask control signal upon computer system initialization is important to ensure a secure booting process.
  • Microprocessors are designed to initialize themselves to a pre-determined state in response to an initialization event.
  • the pre-determined state may vary depending upon the particular microprocessor and the type of initialization event. Security of the system may well depend upon the certainty that the microprocessor reaches the pre-determined state.
  • one type of initialization event is a “power-up” or the application of power to the microprocessor.
  • another type of initialization event is the assertion of the RESET# pin 414 of a microprocessor's integrated circuit package (i.e., performing a RESET).
  • these types of initialization events cause the microprocessors to perform a “hardware reset” of the processor and an optional built-in self-test.
  • a hardware reset sets each of the processor's registers to a known state and places the processor in real address mode.
  • a hardware reset also invalidates the internal caches, translation lookaside buffers, and branch target buffers.
  • the microprocessor begins executing initialization code at a pre-determined location.
  • Some members of the x86 family have an INIT# pin 412 as part of the microprocessor integrated circuit package. Assertion of the INIT# pin 412 is another type of initialization event. Assertion of the INIT# pin (i.e., performing an INIT) invokes a response similar to that of a hardware reset, however, the internal caches and certain other elements are left unchanged.
  • An INIT provides a method for switching from protected mode to real mode while maintaining the contents of the internal caches.
  • the first instruction fetched and executed following a hardware reset is located near the top of the processor's physical address space.
  • the first instruction fetched by the x86 family of microprocessors for example, is 16 bytes from the top of memory.
  • the 8086 microprocessor is designed to begin executing initialization code at location FFFF0H as indicated by addressable space 210 .
  • 80386, 80486, Pentium®, Pentium® Pro, and Pentium® II processors ordinarily start executing initialization code at location FFFFF0H as indicated by addressable space 220 .
  • Each location is 16 bytes from the top of the processor's respective addressable range of memory.
  • the first instruction is stored in nonvolatile memory to ensure availability upon powering up the computer system.
  • ordinary real address mode may be used to access this location.
  • the pre-determined location is ordinarily beyond the one megabyte addressable range of the processor while in real address mode.
  • the Intel x86 family of microprocessors utilize a CS register and an EIP register to determine the location of the next instruction for execution.
  • the CS register includes a segment selector portion and a base address portion.
  • the base address is normally formed by shifting the 16 bit segment selector value four bits to the left to produce a 20 bit base address.
  • the segment selector portion is loaded with F000H and the base address portion is loaded with FFFF0000H.
  • the EIP register containing the offset is set to FFF0H.
  • a far jump, a far call, or the invocation of an interrupt will result in “normal” (i.e., address range less than one megabyte) real mode operation.
  • the instruction located at the predetermined memory location is a far jump identifying a memory location within nonvolatile memory containing additional boot code.
  • In one computer system architecture, a portion of the BIOS is stored at the pre-determined location. Thus the boot vector points to a portion of the BIOS.
  • the BIOS typically includes the power on self test code, interrupt service routines, device service routines, and configuration tables describing the computer system to the operating system.
  • If address line masking is enabled during initialization, the microprocessor may attempt to access an instruction at an alternate location rather than the pre-determined location. For example, depending upon whether the masking function masks only address line A20 or A20-A31, the microprocessor may attempt to access alternate address FFEFFFF0H or 000FFFF0H instead of FFFFFFF0H.
  • the computer system may be rendered inoperable at least until masking is disabled and the computer system is rebooted. If the alternate location contains a valid instruction, the processor may begin executing code other than the proper initialization code. Alternatively, by defining the action (e.g., error handler) to take in response to an invalid opcode, another application may be able to seize control of the boot process even if the opcode at the alternate location is invalid. The user may not realize that normal initialization procedures have been circumvented. Generally, the computer system may be inadvertently exposed to a security risk if the address line masking function is enabled during initialization.
  • FIG. 5 illustrates one embodiment of a more secure method for booting a computer system having maskable address lines.
  • the processor receives an initialization event.
  • address line masking is disabled in response to the initialization event to ensure that the address lines are not masked.
  • the processor accesses the initialization code.
  • the processor begins executing the initialization code.
  • Address line masking can be enabled again once the appropriate initialization steps have been performed.
  • the initialization code performs validity testing on itself to ensure that the code has not been altered.
  • the initialization code performs steps to “lock down” the nonvolatile memory that the initialization code is stored in to prevent unauthorized code updates.
  • the particular steps taken before the address line masking is re-enabled may vary from system to system. Generally, at least one instruction will be executed before the address line masking function is re-enabled. Thus in step 550, address line masking is enabled after executing at least one instruction.
  • the mask control signal must be inhibited in response to an initialization event and re-enabled only after the boot process is secure.
  • the mask control signal from the keyboard controller is inhibited by a supporting chipset of the microprocessor.
  • FIG. 6 illustrates a microprocessor 610 and components of a supporting chipset 620 .
  • Computer system architectures designed around a particular microprocessor often use chipsets specifically designed to support the selected microprocessor.
  • the chipset typically provides bus control functions and microprocessor control signals.
  • the chipset generates the processor mask control signal 628 in accordance with an inhibit bit 623 and the address mask control signal 642 provided by keyboard controller 640 .
  • the chipset inhibits the mask control signal 642 from the keyboard controller 640 by gating the signal with the inhibit bit 623 stored in a chipset register 622.
  • chipset 620 initializes this inhibit bit to a first value to disable the mask control signal 628 . As long as the bit is set to the first value, processor mask control 628 will be set to a predetermined value to prevent masking independent of the value of address mask control signal 642 and thus address mask control signal 642 is inhibited.
  • the inhibit bit may be used in conjunction with combinatorial logic to disable masking.
  • inhibit bit 623 can be set to a second value to enable the keyboard controller address mask control 642 to pass.
  • inhibit bit 623 is automatically set to a second value in response to the reading of one of the chipset registers. The second value ensures that the mask control signal 642 is no longer inhibited such that processor mask control signal 628 corresponds to address mask control signal 642 from the keyboard controller.
  • FIG. 7 illustrates another embodiment of a computer system.
  • Keyboard controller 740 provides the INIT 744 and the A20 mask control signal 742 to the “south bridge” of chipset 720.
  • the south bridge provides an INIT 732 and a processor mask control signal 730 to processor 710 .
  • the south bridge includes register 722 storing an inhibit bit 723 .
  • the inhibit bit may be logically combined with the A20 mask control signal 742 to produce the processor mask control signal 730.
  • the combinatorial logic depends upon whether the processor mask control signal 730 is active high or active low.
  • FIG. 8 illustrates one embodiment of the method of FIG. 5 as applied to the computer system of FIGS. 6 and 7.
  • the chipset detects the processor initialization event in step 810 .
  • the chipset is capable of sensing the processor initialization events including the application of power (a power up), a reset, or a processor INIT.
  • the chipset sets an inhibit bit to a first value in step 820 .
  • the processor mask control signal is generated as a logical combination of the inhibit bit and the mask control signal from the programmable keyboard controller.
  • the inhibit bit is set to the first value, the resulting processor mask control signal is set to a state to ensure no address masking independent of the mask control signal from the programmable keyboard controller.
  • the inhibit bit is a portion of a register in the chipset.
  • the processor is now capable of accessing the pre-determined address in response to the initialization event.
  • the processor reads a chipset register to determine features of the chipset or the computer system.
  • Step 830 sets the inhibit bit to a second value in response to a read access of the chipset register.
  • the processor mask control signal corresponds to the mask control signal provided by the keyboard controller.
  • a method includes the step of disabling address line masking in response to an initialization event.
  • a processor RESET, INIT, and power up are various types of initialization events.
  • the address line masking is re-enabled after the processor executes at least one instruction.
  • An apparatus for providing the address mask control signal includes an integrated circuit. The integrated circuit gates a first mask control signal with an inhibit bit to generate a second mask control signal. The integrated circuit initializes the inhibit bit to a first value in response to the initialization event to ensure that the second mask control signal does not mask any address lines. In one embodiment, the integrated circuit sets the inhibit bit to a second value in response to the reading of a register of the integrated circuit. The second mask control signal corresponds to the first mask control signal when the inhibit bit is set to the second value.
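The gating and reset sequence described in the bullets above (FIGS. 6 to 8), carried through as an added behavioural model in C. This is not code from the patent or from Intel: the type and function names, the active-low convention used for the A20M# output, and the feature-register contents 5AH are this example's own assumptions. The legacy wiring, where the keyboard controller's request reaches the processor unchanged, is modelled beside the inhibited path so the difference in first-fetch address is visible.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define RESET_VECTOR 0xFFFFFFF0u   /* first fetch of a 32-bit x86 processor (FFFFFFF0H) */
#define A20_LINE     (1u << 20)

/* Constructed contents for the chipset feature register whose read releases the inhibit. */
#define FEATURE_REG_VALUE 0x5Au

typedef enum { EV_POWER_UP, EV_RESET, EV_INIT } init_event_t;

typedef struct {
    bool kbc_a20_masked;   /* request from the keyboard controller (signal 642/742): true = mask A20 */
    bool inhibit;          /* inhibit bit 623/723 held in chipset register 622/722 */
} chipset_t;

/* Second mask control (628/730) as a logic value: true = "mask A20".
 * While inhibit is set the result is independent of the keyboard controller. */
static bool processor_mask_control(const chipset_t *cs)
{
    return cs->kbc_a20_masked && !cs->inhibit;
}

/* The same signal on an active-low A20M# pin (FIG. 4): 0 means masking enabled.
 * For an active-high pin the inversion would be dropped; only this stage changes. */
static int a20m_pin_level(const chipset_t *cs)
{
    return processor_mask_control(cs) ? 0 : 1;
}

/* Steps 810/820: every initialization event sets the inhibit bit to the first value. */
static void chipset_on_init_event(chipset_t *cs, init_event_t ev)
{
    (void)ev;               /* power-up, RESET and INIT are treated identically here */
    cs->inhibit = true;
}

/* Step 830: a read of the feature register sets the inhibit bit to the second value,
 * after which the keyboard controller's request passes through unchanged. */
static uint8_t chipset_read_feature_reg(chipset_t *cs)
{
    cs->inhibit = false;
    return FEATURE_REG_VALUE;
}

/* Address the processor drives for its first fetch, given the mask control it sees. */
static uint32_t first_fetch_address(bool mask_a20)
{
    return mask_a20 ? (RESET_VECTOR & ~A20_LINE) : RESET_VECTOR;
}

/* Legacy wiring (FIGS. 3 and 4): masking left enabled before a reset redirects the boot. */
static uint32_t boot_without_inhibit(bool kbc_a20_masked)
{
    return first_fetch_address(kbc_a20_masked);
}

/* FIG. 8 sequence: event -> inhibit set -> first fetch from the boot vector. */
static uint32_t boot_with_inhibit(chipset_t *cs, init_event_t ev)
{
    chipset_on_init_event(cs, ev);
    return first_fetch_address(processor_mask_control(cs));
}

/* Pin level while the first instruction is fetched, with masking requested by the keyboard controller. */
static int pin_level_during_first_fetch(void)
{
    chipset_t cs = { .kbc_a20_masked = true, .inhibit = false };
    (void)boot_with_inhibit(&cs, EV_RESET);
    return a20m_pin_level(&cs);
}

/* Pin level once initialization code has read the feature register (same request). */
static int pin_level_after_register_read(void)
{
    chipset_t cs = { .kbc_a20_masked = true, .inhibit = false };
    (void)boot_with_inhibit(&cs, EV_RESET);
    (void)chipset_read_feature_reg(&cs);
    return a20m_pin_level(&cs);
}

int main(void)
{
    printf("legacy wiring, A20 masked at reset: fetch from %08X\n", boot_without_inhibit(true));
    chipset_t cs = { .kbc_a20_masked = true, .inhibit = false };
    printf("with inhibit bit, same request:     fetch from %08X\n", boot_with_inhibit(&cs, EV_RESET));
    printf("A20M# during first fetch: %d, after register read: %d\n",
           pin_level_during_first_fetch(), pin_level_after_register_read());
    return 0;
}
```

With the keyboard controller still requesting masking, the legacy wiring fetches from FFEFFFF0H while the inhibited path fetches from FFFFFFF0H; A20M# is high (no masking) for the first fetch and drops to the keyboard controller's level only after the register read, which is the point at which at least one instruction has already executed.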

Abstract

A method of securing a boot process for a computer system enables a processor to boot from a location identified by a boot vector. The method includes the step of disabling masking of a maskable address line in response to a processor initialization event. In one embodiment, an apparatus includes a processor coupled to a memory by at least one maskable address line wherein the memory is storing a first initialization instruction. The apparatus includes a mask control wherein the mask control disables masking of the maskable address line before the processor attempts to access the first initialization instruction in response to an initialization event. In one embodiment a processor chipset gates a first address mask control with an inhibit bit to generate a second address mask control. The second address mask control is independent of the first address mask control when the inhibit bit is set to a first value. The processor chipset sets the inhibit bit to the first value in response to a processor initialization event. In various embodiments the initialization event includes at least one of an application of power to the processor, a processor RESET, or a processor INIT.

Description

FIELD OF THE INVENTION
This invention relates to the field of computer systems. In particular, this invention is drawn to methods and apparatus for initializing a computer system having maskable address lines.
BACKGROUND OF THE INVENTION
A computer system typically includes a processor such as a microprocessor that responds to an initialization event by initializing itself to a pre-determined state. The pre-determined state may vary depending upon the type of initialization event. The processor then typically begins executing initialization code located at a pre-determined location or address in memory. The process of initializing a computer system is often referred to as “booting” the computer system.
Some computer system architectures incorporate an address line masking function. In one embodiment, the address line masking function is used to ensure execution compatibility for program code designed for earlier generations of microprocessors having a smaller address space. Various embodiments achieve the address line masking function using address line masking circuitry internal or external to the microprocessor integrated circuit package.
Although the address line masking function is provided to ensure compatibility with program code designed to execute on earlier generation microprocessors, improper application of the address line masking function can result in the microprocessor attempting to boot from an alternate location identified by the masked address lines. Depending upon the contents of the alternate location, the computer system may be rendered inoperable, at least until a subsequent reboot from the correct memory address. Alternatively, enabling the computer system to boot from the alternate address can result in unauthorized initialization code being executed, thus posing a security risk such as enabling an unauthorized application to gain control of the boot process.
SUMMARY OF THE INVENTION
In view of limitations of known systems and methods, methods and apparatus for enabling a secure boot process of a computer system having maskable address lines are provided. In particular, one method includes the step of disabling masking of the maskable address line in response to a processor initialization event. In various embodiments the initialization event includes application of power to the processor, a processor RESET, or a processor INIT.
In one embodiment, an apparatus includes a processor coupled to a memory by at least one maskable address line wherein the memory is storing a first initialization instruction. The apparatus includes a mask control wherein the mask control disables masking of the maskable address line before the processor attempts to access the first initialization instruction in response to an initialization event.
In one embodiment, a processor chipset gates a first address mask control with an inhibit bit to provide a second address mask control. The second address mask control is independent of the first address mask control when the inhibit bit is set to a first value. The processor chipset sets the inhibit bit to the first value in response to a processor initialization event.
Other features and advantages of the present invention will be apparent from the accompanying drawings and from the detailed description that follows below.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention is illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements and in which:
FIG. 1 illustrates a generic computer system architecture.
FIG. 2 illustrates the location of the first instruction of initialization code for processors having different addressable memory space.
FIG. 3 illustrates one embodiment of address line masking logic for performing address line masking external to the microprocessor.
FIG. 4 illustrates a microprocessor having a mask control pin for enabling and disabling address line masking.
FIG. 5 illustrates a method of booting a computer system having maskable address lines.
FIG. 6 illustrates one embodiment of a computer system including a microprocessor and accompanying chipset.
FIG. 7 illustrates another embodiment of a computer system including a microprocessor and an accompanying chipset.
FIG. 8 illustrates one embodiment of the application of the method of FIG. 5.
DETAILED DESCRIPTION
FIG. 1 illustrates a basic microprocessor-based computer system architecture. The computer system 100 includes processor 110. Input devices such as mouse 120 and keyboard 130 permit the user to input data to computer system 100. Information generated by the processor is provided to an output device such as display 140. Computer system 100 generally includes random access memory (RAM) 160.
Nonvolatile mass data storage device 170 is used to retain programs and data even when the computer system is powered down. In one embodiment nonvolatile mass storage device 170 is an electro-mechanical hard drive. In another embodiment nonvolatile mass storage device 170 is a semiconductor nonvolatile memory. Nonvolatile memory 180 stores initialization routines for the computer system. Mouse 120, keyboard 130, RAM 160, nonvolatile memory 180, and nonvolatile mass storage device 170 are communicatively coupled to processor 110 through one or more address and data busses such as bus 150.
Initialization of the computer system is performed upon power-up of the computer system or in response to hardware or software reset operations. Typically, the processor is designed to read a pre-determined memory location when the processor is reset or powered up. This pre-determined location is identified by a boot vector. The pre-determined memory location is typically an address in nonvolatile memory such as nonvolatile memory 180. The initialization routines are stored in a nonvolatile memory to ensure availability when the computer system is powered-up or reset.
The device storing the bootstrap loader and other minimal initialization procedures is referred to as the boot device. Nonvolatile memory 180 is the boot device in computer system 100. In one embodiment, nonvolatile memory 180 stores a bootstrap loader and other initialization routines such as power on self test (POST).
Nonvolatile memory 180 may include routines to enable communication between the processor and input/output devices of the computer system. In some computer systems these routines are collectively referred to as the Basic Input Output System (BIOS). The BIOS typically identifies components of the computer system, maps resources, determines the state of the computer system upon initialization, and provides support for an operating system so that software executing on the processor can communicate with input/output devices such as the keyboard, mouse, nonvolatile mass memory storage device, and other peripheral devices. In various embodiments, nonvolatile memory 180 is a semiconductor nonvolatile memory such as flash electrically rewritable nonvolatile memory.
Processors belonging to the Intel x86 family of microprocessors or to other microprocessor families designed to be compatible with Intel x86 microprocessors are frequently used in computer system designs. Intel microprocessors such as the x86 family of microprocessors have enjoyed a long history and widespread use. Each generation of the x86 family has offered the capability of supporting software originally designed for earlier generations of the microprocessor. As the microprocessors become more sophisticated over time, so too does the complexity of ensuring program code compatibility with previous generations of the microprocessors in addition to providing new features.
For example, one of the early Intel microprocessors, the Intel 8086, utilized a segmented memory architecture. Physical memory locations are identified using a 16 bit segment register and a 16 bit offset. A physical memory address is identified by shifting the contents of the segment register left four bits and adding the offset. This addressing mode is referred to as “real mode.”
The 8086 has only 20 address lines (A0-A19), so its physical address space is limited to one megabyte (2^20 bytes). Depending upon the segment and offset values chosen, however, the computed address can require 21 bits. Because the 8086 has no 21st address line, that extra bit is simply dropped: for such segment and offset values the physical address effectively “wraps around” to the bottom of memory, even though the sum is unique when computed internally.
Some applications designed for the 8086 either deliberately used this feature or detected its occurrence and handled it in an application-specific manner. These and other applications designed for a microprocessor having the 20 bit physical address are referred to as legacy applications.
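The real-mode arithmetic and the wrap-around described above, as an added worked example (not code from the patent): the functions compute the 21-bit sum of segment and offset, the 20-bit result an 8086 actually drives on its pins, and what a later processor drives with A20 masked or enabled. The sample segment:offset pairs are constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Real-mode address arithmetic: linear = (segment << 4) + offset.
 * The sum needs up to 21 bits (0xFFFF0 + 0xFFFF = 0x10FFEF). */
uint32_t real_mode_linear(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg << 4) + off;
}

/* The 8086 has only A0-A19, so bit 20 of the computed address is lost
 * and accesses above 1 MB wrap around to the bottom of memory. */
uint32_t phys_8086(uint16_t seg, uint16_t off)
{
    return real_mode_linear(seg, off) & 0xFFFFFu;
}

/* A later processor with 21 or more address lines: when A20 is masked
 * bit 20 is forced to 0 and the 8086 wrap-around is reproduced; when
 * A20 is enabled the full linear address reaches memory. */
uint32_t phys_a20(uint16_t seg, uint16_t off, bool a20_masked)
{
    uint32_t linear = real_mode_linear(seg, off);
    return a20_masked ? (linear & ~(1u << 20)) : linear;
}

/* True when this segment:offset pair behaves differently on an 8086
 * than on a processor with A20 enabled, i.e. a pair that a legacy
 * application might rely on wrapping. */
bool depends_on_wraparound(uint16_t seg, uint16_t off)
{
    return real_mode_linear(seg, off) > 0xFFFFFu;
}

int main(void)
{
    /* Constructed sample pairs (not from the patent): one ordinary
     * address, one that overflows 20 bits, one that just fits. */
    const uint16_t samples[][2] = {
        {0xB800, 0x0000}, {0xFFFF, 0x0010}, {0xF000, 0xFFFF},
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t seg = samples[i][0], off = samples[i][1];
        printf("%04X:%04X linear=%06X 8086=%05X A20-masked=%06X A20-enabled=%06X%s\n",
               seg, off, real_mode_linear(seg, off), phys_8086(seg, off),
               phys_a20(seg, off, true), phys_a20(seg, off, false),
               depends_on_wraparound(seg, off) ? "  (wraps on 8086)" : "");
    }
    return 0;
}
```

The pair FFFF:0010 is the classic case: the sum is 100000H, which an 8086 turns into 00000H, and which a 286 or later reproduces only while A20 is masked.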
Later generation microprocessors tended to have larger physical address spaces than the 8086. FIG. 2 illustrates the difference in physical address space between generations of the x86 family of microprocessors. As microprocessors became more sophisticated, the microprocessor's physical address bus tended to increase in size in order to support the larger address space. The Intel 80286 microprocessor, for example, includes 24 address lines, and the Intel 80386DX microprocessor includes 32 address lines.
In addition, these later generation microprocessors provided a more sophisticated addressing mode referred to as “protected mode.” In protected mode addressing, the segment registers are referred to as “selectors” and they serve as pointers to data structures that define segmentation limits and addresses. “Protected mode” enables applications to access more than one megabyte of memory.
Without proper handling, the presence of a 21st address line could prevent legacy applications designed to take advantage of or to account for its non-existence from executing properly. Therefore, an address masking function was provided to ensure legacy applications could execute properly on computer systems designed around microprocessors having an effective address bus of more than 20 bits. In particular, computer systems designed around these later microprocessors typically included an address line masking function to disable address line A20 (the 21st address line).
With respect to the x86 family of microprocessors, a mask control signal effectively masks the 21st address line (A20) to force it to a pre-determined value (logical “0”). When enabled, the mask control signal ensured that a pre-determined value (i.e., “0”) was always asserted for address line A20.
The address line masking function has been implemented in a number of ways. Computer systems designed around the Intel 80286 microprocessor or Intel 80386 microprocessor, for example, used masking circuitry external to the microprocessor. Logic external to the microprocessor effectively masked at least one address line used to access the memory in response to a mask control signal. The Intel 80486 microprocessor and the Intel Pentium® processor have address line masking circuitry internal to the microprocessor's integrated circuit package. The address line masking circuitry is responsive to a mask control signal applied to a pin of the microprocessor's integrated circuit package. In computer systems designed around these microprocessors, the mask control signal itself is typically provided by the keyboard controller.
FIG. 3 illustrates one embodiment of mask control logic external to the microprocessor 310. The A20 address line of microprocessor 310 is logically combined with a mask control signal 342 provided by the keyboard controller 340 using logic 344 external to the microprocessor (e.g., an AND gate). This may be the case, for example, with the Intel 80286 processor and the Intel 80386 processor.
FIG. 4 illustrates an alternative embodiment where the masking logic is incorporated into the microprocessor 410. In particular, masking logic incorporated into the microprocessor 410 is controlled by mask control signal (A20M#) received by a pin 416 of the microprocessor's integrated circuit package. The Intel Pentium® processor, for example, provides an A20M# pin for controlling the masking logic incorporated into the integrated circuit package. Although illustrated as an active low input, the mask control signal may also be active high. The address mask control signal is typically provided by the keyboard controller 440.
The state of the address mask control signal upon computer system initialization is important to ensure a secure booting process. Microprocessors are designed to initialize themselves to a pre-determined state in response to an initialization event. The pre-determined state may vary depending upon the particular microprocessor and the type of initialization event. Security of the system may well depend upon the certainty that the microprocessor reaches the pre-determined state.
For example, one type of initialization event is a “power-up” or the application of power to the microprocessor. Referring to FIG. 4, another type of initialization event is the assertion of the RESET# pin 414 of a microprocessor's integrated circuit package (i.e., performing a RESET). For Intel x86 family microprocessors, these types of initialization events cause the microprocessors to perform a “hardware reset” of the processor and an optional built-in self-test. For Intel architecture microprocessors, a hardware reset sets each of the processor's registers to a known state and places the processor in real address mode. A hardware reset also invalidates the internal caches, translation lookaside buffers, and branch target buffers. The microprocessor begins executing initialization code at a pre-determined location.
Some members of the x86 family have an INIT# pin 412 as part of the microprocessor integrated circuit package. Assertion of the INIT# pin 412 is another type of initialization event. Assertion of the INIT# pin (i.e., performing an INIT) invokes a response similar to that of a hardware reset, however, the internal caches and certain other elements are left unchanged. An INIT provides a method for switching from protected mode to real mode while maintaining the contents of the internal caches.
Typically the first instruction fetched and executed following a hardware reset is located near the top of the processor's physical address space. The first instruction fetched by the x86 family of microprocessors, for example, is 16 bytes from the top of memory. Referring to FIG. 2, the 8086 microprocessor is designed to begin executing initialization code at location FFFF0H as indicated by addressable space 210. In contrast, 80386, 80486, Pentium®, Pentium® Pro, and Pentium® II processors ordinarily start executing initialization code at location FFFFFFF0H as indicated by addressable space 220. Each location is 16 bytes from the top of the processor's respective addressable range of memory. Some of these processor designs may enable re-definition of the boot vector through strapping options. The default boot vector, however, typically points to a location near the top of the physical address space.
The first instruction is stored in nonvolatile memory to ensure availability upon powering up the computer system. For processors having one megabyte or less of addressable space, ordinary real address mode may be used to access this location. For processors having more than 1 megabyte of addressable memory space, the pre-determined location is ordinarily beyond the one megabyte addressable range of the processor while in real address mode.
The Intel x86 family of microprocessors utilize a CS register and an EIP register to determine the location of the next instruction for execution. The CS register includes a segment selector portion and a base address portion. The base address is normally formed by shifting the 16 bit segment selector value four bits to the left to produce a 20 bit base address.
For microprocessors capable of addressing larger memory ranges, however, more than 20 address bits are required to access the upper range of memory. In one embodiment, this is accomplished during a hardware reset by initializing the base address portion of the CS register with a value otherwise inaccessible during real mode addressing. The address is then calculated by adding this base address to the segment offset, rather than deriving the base by shifting the segment selector four bits to the left and adding it to the segment offset. For example, in one embodiment, the segment selector portion is loaded with F000H and the base address portion is loaded with FFFF0000H. The EIP register containing the offset is set to FFF0H. Thus the starting address is formed by adding the base address (FFFF0000H) to the offset (FFF0H), i.e., FFFF0000H+FFF0H=FFFFFFF0H.
The first time the CS register is loaded with a new value after a hardware reset, the processor will follow the normal rule for address translation in real address mode (i.e., CS base address=CS segment selector * 16). Thus a far jump, a far call, or the invocation of an interrupt will result in “normal” (i.e., address range less than one megabyte) real mode operation. Typically the instruction located at the predetermined memory location is a far jump identifying a memory location within nonvolatile memory containing additional boot code.
In one computer system architecture, a portion of the BIOS is stored at the pre-determined location. Thus the boot vector points to a portion of the BIOS. The BIOS typically includes the power on self test code, interrupt service routines, device service routines, and configuration tables describing the computer system to the operating system.
If the address masking function is enabled during the hardware reset or INIT, the microprocessor may attempt to access an instruction at an alternate location rather than the pre-determined location. For example, depending upon whether the masking function masks only address line A20 or A20-A31, the microprocessor may attempt to access alternate address FFEFFFF0H or 000FFFF0H instead of FFFFFFF0H.
If the alternate location contains an invalid instruction (opcode), the computer system may be rendered inoperable at least until masking is disabled and the computer system is rebooted. If the alternate location contains a valid instruction, the processor may begin executing code other than the proper initialization code. Even if the opcode at the alternate location is invalid, other code may be able to seize control of the boot process by defining the action taken (e.g., the error handler) in response to an invalid opcode. The user may not realize that normal initialization procedures have been circumvented. Generally, the computer system may be inadvertently exposed to a security risk if the address line masking function is enabled during initialization.
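The reset-vector arithmetic and the two diverted addresses from the preceding paragraphs, as an added example (not the patent's own code): the hidden CS base and EIP values are the ones stated in the text, the two mask modes correspond to masking A20 alone or A20-A31, and the far-jump target F000:E05B used at the end is a constructed illustration of the first far jump reverting to selector*16 addressing.

```c
#include <stdint.h>
#include <stdio.h>

/* Hidden CS base and EIP loaded by a hardware reset (values from the text:
 * selector F000H, base FFFF0000H, EIP FFF0H). */
#define RESET_CS_SELECTOR 0xF000u
#define RESET_CS_BASE     0xFFFF0000u
#define RESET_EIP         0x0000FFF0u

enum a20_mask_mode { MASK_NONE, MASK_A20_ONLY, MASK_A20_TO_A31 };

/* Address of the first instruction fetch after reset: the processor adds
 * the hidden base to EIP instead of deriving the base from the selector. */
uint32_t reset_fetch_address(void)
{
    return RESET_CS_BASE + RESET_EIP;
}

/* Address that actually reaches memory when the mask is active during the
 * reset fetch. Masking A20 alone clears bit 20; a mask covering A20-A31
 * clears every bit from 20 upward. */
uint32_t apply_mask(uint32_t addr, enum a20_mask_mode mode)
{
    switch (mode) {
    case MASK_A20_ONLY:   return addr & ~(1u << 20);
    case MASK_A20_TO_A31: return addr & 0x000FFFFFu;
    default:              return addr;
    }
}

/* After the first far jump, far call or interrupt the CS base reverts to the
 * ordinary real-mode rule, selector * 16, so execution continues below 1 MB. */
uint32_t real_mode_after_far_jump(uint16_t selector, uint16_t ip)
{
    return ((uint32_t)selector << 4) + ip;
}

/* Nonzero when an active mask would divert the reset fetch away from the
 * boot vector, which is exactly the condition the inhibit bit prevents. */
int reset_fetch_diverted(enum a20_mask_mode mode)
{
    return apply_mask(reset_fetch_address(), mode) != reset_fetch_address();
}

int main(void)
{
    printf("boot vector            : %08X\n", reset_fetch_address());
    printf("A20 masked             : %08X\n",
           apply_mask(reset_fetch_address(), MASK_A20_ONLY));
    printf("A20-A31 masked         : %08X\n",
           apply_mask(reset_fetch_address(), MASK_A20_TO_A31));
    /* Constructed far-jump target (not from the patent): F000:E05B. */
    printf("after far jmp F000:E05B: %05X\n",
           real_mode_after_far_jump(0xF000, 0xE05B));
    return 0;
}
```

The check a firmware engineer wants is `reset_fetch_diverted()`: any mask mode other than MASK_NONE returns nonzero, which is why the inhibit bit must hold the mask off across the reset fetch rather than relying on the keyboard controller's state at power-up.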
FIG. 5 illustrates one embodiment of a more secure method for booting a computer system having maskable address lines. In step 510, the processor receives an initialization event. In step 520, address line masking is disabled in response to the initialization event to ensure that the address lines are not masked. In step 530, the processor accesses the initialization code. In step 540, the processor begins executing the initialization code.
Address line masking can be enabled again once the appropriate initialization steps have been performed. In one embodiment, the initialization code performs validity testing on itself to ensure that the code has not been altered. In another embodiment, the initialization code performs steps to “lock down” the nonvolatile memory that the initialization code is stored in to prevent unauthorized code updates. The particular steps taken before the address line masking is re-enabled may vary from system to system. Generally, at least one instruction will be executed before the address line masking function is re-enabled. Thus in step 550, address line masking is enabled after executing at least one instruction.
There are numerous methods for implementing the mask inhibit function. Generally, however, as one component of a secure boot process, the mask control signal must be inhibited in response to an initialization event and re-enabled only after the boot process is secure. In one embodiment, the mask control signal from the keyboard controller is inhibited by a supporting chipset of the microprocessor.
FIG. 6 illustrates a microprocessor 610 and components of a supporting chipset 620. Computer system architectures designed around a particular microprocessor often use chipsets specifically designed to support the selected microprocessor. The chipset typically provides bus control functions and microprocessor control signals. In one embodiment, the chipset generates the processor mask control signal 628 in accordance with an inhibit bit 623 and the address mask control signal 642 provided by keyboard controller 640.
The chipset inhibits the address mask control signal 642 from the keyboard controller by gating the signal with the inhibit bit 623 stored in a chipset register 622. In response to an initialization event, chipset 620 initializes this inhibit bit to a first value to disable the mask control signal 628. As long as the bit is set to the first value, processor mask control 628 will be set to a predetermined value to prevent masking independent of the value of address mask control signal 642, and thus address mask control signal 642 is inhibited.
The inhibit bit may be used in conjunction with combinatorial logic to disable masking. The combinatorial logic depends upon whether the mask control signal 628 is active high or active low. In one embodiment having an active high processor mask control signal 628, mask control is accomplished by logically ANDing the inhibit bit and the address mask control 642 to produce the processor mask control signal 628 (e.g., inhibit bit=“0” to disable masking). In an alternative embodiment having an active low processor mask control signal 628, mask control is accomplished by logically ORing the inhibit bit and the address mask control 642 to produce the processor mask control signal 628 (e.g., inhibit bit=“1” to disable masking).
Once the initialization process is secure, the inhibit bit 623 can be set to a second value to enable the keyboard controller address mask control 642 to pass. In one embodiment, inhibit bit 623 is automatically set to a second value in response to the reading of one of the chipset registers. The second value ensures that the mask control signal 642 is no longer inhibited such that processor mask control signal 628 corresponds to address mask control signal 642 from the keyboard controller.
FIG. 7 illustrates another embodiment of a computer system. Keyboard controller 740 provides the INIT 744 and the A20 mask control signal 742 to the “south bridge” of chipset 720. The south bridge provides an INIT 732 and a processor mask control signal 730 to processor 710. The south bridge includes register 722 storing an inhibit bit 723. The inhibit bit may be logically combined with the A20 mask control signal 742 to produce the processor mask control signal 730. The combinatorial logic depends upon whether the processor mask control signal 730 is active high or active low. In one embodiment, the inhibit bit 723 is logically ANDed with the A20 mask control signal 742 to produce the processor mask control signal 730 (i.e., active high, inhibit bit=“0” disables masking). In an alternative embodiment, the inhibit bit 723 is logically ORed with the A20 mask control signal 742 to produce the processor mask control signal 730 (i.e., active low, inhibit bit=“1” disables masking).
FIG. 8 illustrates one embodiment of the method of FIG. 5 as applied to the computer system of FIGS. 6 and 7. In particular, the chipset detects the processor initialization event in step 810. Typically the chipset is capable of sensing the processor initialization events including the application of power (a power up), a reset, or a processor INIT.
In response to the detection of a processor initialization event, the chipset sets an inhibit bit to a first value in step 820. The processor mask control signal is generated as a logical combination of the inhibit bit and the mask control signal from the programmable keyboard controller. When the inhibit bit is set to the first value, the resulting processor mask control signal is set to a state to ensure no address masking independent of the mask control signal from the programmable keyboard controller. In one embodiment, the inhibit bit is a portion of a register in the chipset.
The processor is now capable of accessing the pre-determined address in response to the initialization event. At some point during the initialization process, the processor reads a chipset register to determine features of the chipset or the computer system. Step 830 sets the inhibit bit to a second value in response to a read access of the chipset register. When the inhibit bit is set to the second value, the processor mask control signal corresponds to the mask control signal provided by the keyboard controller. This approach has the advantage that the BIOS is not relied upon for enabling or disabling the processor mask control signal; the protection during the reset fetch is provided by the hardware rather than the BIOS. Because the first read of that register releases the inhibit, the initialization code must complete its validity test and lock the nonvolatile memory before performing that read.
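The gating logic of FIGS. 6 and 7 and the FIG. 8 sequence, as an added software model (not the patent's hardware or any vendor's register map): the inhibit bit, the keyboard-controller request and the processor mask pin are modelled as booleans, the AND form is used for an active-high pin and the OR form for an active-low pin (A20M#), and the register read that clears the inhibit bit is a hypothetical `chipset_read_feature_register()` whose returned contents are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Polarity of the processor-side mask control pin. A20M# is active low on
 * the processors named in the text; an active-high variant is also described. */
enum polarity { ACTIVE_LOW, ACTIVE_HIGH };

/* South-bridge state: the inhibit bit and the keyboard controller's request. */
struct chipset {
    enum polarity cpu_mask_polarity;
    bool inhibit;          /* inhibit bit 623/723: true = first value */
    bool kbc_mask_request; /* keyboard controller asks to mask A20 */
};

/* Any initialization event (power-up, RESET#, INIT#) forces the inhibit bit
 * to its first value, the one that blocks the keyboard-controller signal. */
void chipset_on_init_event(struct chipset *c)
{
    c->inhibit = true;
}

/* Reading the feature register releases the gate: the inhibit bit takes its
 * second value and the processor pin follows the keyboard controller. */
uint32_t chipset_read_feature_register(struct chipset *c)
{
    c->inhibit = false;
    return 0x00000001u; /* constructed register contents, not from the patent */
}

/* The keyboard controller may change its request at any time. */
void kbc_set_mask_request(struct chipset *c, bool mask)
{
    c->kbc_mask_request = mask;
}

/* Electrical level driven on the processor mask pin. Active high: AND with
 * inhibit=0 disables masking. Active low: OR with inhibit=1 disables masking.
 * Both are the same gate expressed in the pin's own polarity. */
bool chipset_cpu_mask_pin_level(const struct chipset *c)
{
    if (c->cpu_mask_polarity == ACTIVE_HIGH) {
        bool kbc_level = c->kbc_mask_request;     /* 1 = mask */
        bool inhibit_level = c->inhibit ? 0 : 1;  /* first value = 0 */
        return kbc_level && inhibit_level;
    } else {
        bool kbc_level = !c->kbc_mask_request;    /* 0 = mask (active low) */
        bool inhibit_level = c->inhibit ? 1 : 0;  /* first value = 1 */
        return kbc_level || inhibit_level;
    }
}

/* What the processor actually does with address line A20. */
bool cpu_a20_is_masked(const struct chipset *c)
{
    bool level = chipset_cpu_mask_pin_level(c);
    return c->cpu_mask_polarity == ACTIVE_HIGH ? level : !level;
}

/* Walks the FIG. 8 sequence for one polarity: returns true only if A20 stays
 * unmasked from the init event until the register read, whatever the keyboard
 * controller requests, and tracks the keyboard controller afterwards. */
bool secure_boot_sequence_holds(enum polarity p)
{
    struct chipset c = { p, false, true };    /* KBC left asking to mask */
    chipset_on_init_event(&c);
    if (cpu_a20_is_masked(&c)) return false;  /* masked during reset fetch */
    kbc_set_mask_request(&c, true);           /* KBC cannot override the gate */
    if (cpu_a20_is_masked(&c)) return false;
    (void)chipset_read_feature_register(&c);  /* BIOS reads chipset features */
    if (!cpu_a20_is_masked(&c)) return false; /* now follows KBC: masked */
    kbc_set_mask_request(&c, false);
    return !cpu_a20_is_masked(&c);
}

int main(void)
{
    printf("active-low A20M#: %s\n", secure_boot_sequence_holds(ACTIVE_LOW) ? "ok" : "FAIL");
    printf("active-high pin : %s\n", secure_boot_sequence_holds(ACTIVE_HIGH) ? "ok" : "FAIL");
    return 0;
}
```

The model makes the ordering constraint visible: everything the initialization code must do with A20 guaranteed unmasked (the reset fetch, the self-check, the flash lock-down) has to happen before the first call to `chipset_read_feature_register()`, because that read, not any BIOS write, is what hands control of the pin back to the keyboard controller.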
Methods and apparatus to enable secure booting of a computer system having maskable address lines have been described. A method includes the step of disabling address line masking in response to an initialization event. A processor RESET, INIT, and power up are various types of initialization events. In one embodiment, the address line masking is re-enabled after the processor executes at least one instruction. An apparatus for providing the address mask control signal includes an integrated circuit. The integrated circuit gates a first mask control signal with an inhibit bit to generate a second mask control signal. The integrated circuit initializes the inhibit bit to a first value in response to the initialization event to ensure that the second mask control signal does not mask any address lines. In one embodiment, the integrated circuit sets the inhibit bit to a second value in response to the reading of a register of the integrated circuit. The second mask control signal corresponds to the first mask control signal when the inhibit bit is set to the second value.
In the preceding detailed description, the invention is described with reference to specific exemplary embodiments thereof. Various modifications and changes may be made thereto without departing from the broader spirit and scope of the invention as set forth in the claims. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.

Claims (7)

What is claimed is:
1. A method for enabling a processor to boot from a location identified by a boot vector, comprising:
the processor receiving an initialization event;
disabling masking of a maskable address line of the processor in response to the initialization event;
the processor executing initialization code that is stored in a nonvolatile memory;
the initialization code locking the nonvolatile memory to prevent unauthorized code updates, and performing validity testing on itself to ensure that the code has not been altered; and
enabling masking of the maskable address line after the initialization code has performed the validity testing.
2. The method of claim 1 wherein the initialization event includes the application of at least one of i) power, ii) a RESET signal, and iii) an INIT signal to the processor.
3. An apparatus comprising:
a processor chipset, wherein the processor chipset gates a first address mask control with an inhibit bit to generate a second address mask control, wherein the second address mask control is independent of the first address mask control when the inhibit bit is set to a first value, wherein the processor chipset sets the inhibit bit to the first value in response to a processor initialization event.
4. The apparatus of claim 3 wherein the processor initialization event includes the application of at least one of i) power, ii) a RESET signal, and iii) a processor INIT signal.
5. The apparatus of claim 3 further comprising:
a processor coupled to a plurality of address lines, wherein the chipset sets the inhibit bit to a second value after the processor executes at least one initialization instruction, wherein the second address mask control corresponds to the first address mask control when the inhibit bit is set to the second value, wherein at least one of the plurality of address lines is masked in accordance with the second address mask control.
6. The apparatus of claim 5 wherein the chipset sets the inhibit bit to the second value when a chipset register is read.
7. The apparatus of claim 5 further comprising:
a nonvolatile memory storing initialization code, wherein the nonvolatile memory is locked to prevent modification before the chipset sets the inhibit bit to the second value.
Priority Applications (1)

Application Number Priority Date Filing Date Title
US09/337,369 US6473853B1 (en) 1999-06-21 1999-06-21 Method and apparatus for initializing a computer system that includes disabling the masking of a maskable address line

Publications (1)

Publication Number Publication Date
US6473853B1 true US6473853B1 (en) 2002-10-29

Family

ID=23320287

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/337,369 Expired - Fee Related US6473853B1 (en) 1999-06-21 1999-06-21 Method and apparatus for initializing a computer system that includes disabling the masking of a maskable address line

Country Status (1)

Country Link
US (1) US6473853B1 (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5361492A (en) * 1991-12-09 1994-11-08 Molex Incorporated Method of mounting terminals to substrate
US5473775A (en) * 1991-10-11 1995-12-05 Kabushiki Kaisha Toshiba Personal computer using flash memory as BIOS-ROM
US5642110A (en) * 1990-11-09 1997-06-24 Ast Research, Inc. Memory mapped keyboard controller
US5724527A (en) * 1995-12-28 1998-03-03 Intel Corporation Fault-tolerant boot strap mechanism for a multiprocessor system
US5768496A (en) * 1994-01-20 1998-06-16 Alcatel Australia Limited Method and apparatus for obtaining a durable fault log for a microprocessor
US5857116A (en) * 1995-10-27 1999-01-05 Compaq Computer Corporation Circuit for disabling an address masking control signal when a microprocessor is in a system management mode
US5881295A (en) * 1995-02-07 1999-03-09 Hitachi, Ltd. Data processor which controls interrupts during programming and erasing of on-chip erasable and programmable non-volatile program memory
US6094690A (en) * 1997-11-13 2000-07-25 Samsung Electronics Co., Ltd. Computer system with dynamic enabling and disabling function of the internal VGA module
US6154837A (en) * 1998-02-02 2000-11-28 Mitsubishi Denki Kabushiki Kaisha Microcomputer enabling an erase/write program of a flash memory to interrupt by transferring interrupt vectors from a boot ROM to a RAM
US6226736B1 (en) * 1997-03-10 2001-05-01 Philips Semiconductors, Inc. Microprocessor configuration arrangement for selecting an external bus width

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6622244B1 (en) * 1999-08-11 2003-09-16 Intel Corporation Booting from a reprogrammable memory on an unconfigured bus by modifying boot device address
US6748527B1 (en) * 2000-01-14 2004-06-08 Fujitsu Limited Data processing system for performing software initialization
US20040193869A1 (en) * 2000-01-14 2004-09-30 Fujitsu Limited Data processing system for performing software intialization
US6711675B1 (en) * 2000-02-11 2004-03-23 Intel Corporation Protected boot flow
US20030226123A1 (en) * 2002-06-04 2003-12-04 Thompson Ryan C. Method and apparatus for TLB entry tracking, collision detection, and address reassignment, in processor testcases
US6735746B2 (en) * 2002-06-04 2004-05-11 Hewlett-Packard Development Company, L.P. Method and apparatus for TLB entry tracking, collision detection, and address reassignment, in processor testcases
US7149890B2 (en) 2003-11-21 2006-12-12 Intel Corporation Initializing system memory
US20050114620A1 (en) * 2003-11-21 2005-05-26 Justen Jordan L. Using paging to initialize system memory
US20050289336A1 (en) * 2004-06-28 2005-12-29 Yi-Chang Chen Method and apparatus for switching among multiple initial execution addresses
US20070113063A1 (en) * 2005-11-14 2007-05-17 Saul Lewites Method and apparatus for maintaining a partition when booting another partition
US7716465B2 (en) * 2005-11-14 2010-05-11 Intel Corporation Method and apparatus for maintaining a partition when booting another partition while an address line is disabled
US20110066810A1 (en) * 2009-09-16 2011-03-17 Callahan Timothy J Persistent cacheable high volume manufacturing (hvm) initialization code
US8645629B2 (en) * 2009-09-16 2014-02-04 Intel Corporation Persistent cacheable high volume manufacturing (HVM) initialization code
US8924649B2 (en) 2009-09-16 2014-12-30 Intel Corporation Persistent cacheable high volume manufacturing (HVM) initialization code
US9207949B2 (en) 2012-07-26 2015-12-08 Samsung Electronics Co., Ltd. Storage device comprising variable resistance memory and related method of operation
US20160085618A1 (en) * 2014-09-24 2016-03-24 Freescale Semiconductor, Inc. Electronic device having a runtime integrity checker
US9542263B2 (en) * 2014-09-24 2017-01-10 Nxp Usa, Inc. Electronic device having a runtime integrity checker
CN113360191A (en) * 2020-03-03 2021-09-07 杭州海康威视数字技术股份有限公司 Driving device of network switching chip

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTEL CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SPIEGEL, CHRISTOPHER J.;STEVENS, WILLIAM A., JR.;REEL/FRAME:010055/0718;SIGNING DATES FROM 19990603 TO 19990604

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 4

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees
STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20101029